With Sqreen, Be Safe When Developing

French startup Sqreen wants you to rethink how you deal with security for your web-based apps. With little effort, Sqreen can inspect, track and fix security holes, acting like a shield. You won’t have to change your workflow as Sqreen plugs into your existing app.

The startup just raised $2.3 million from Alven Capital, Point Nine Capital, as well as Kima Ventures, 50 Partners and business angels, such as Marc Verstaen, Thibaud Elziere, Francis Nappez, Philippe Plichon and Justin Ziegler.

In many ways, Sqreen works like New Relic, but for security threats. Sqreen uses a software-as-a-service approach to inspect your own application. You install it with a few command lines, and you’ll instantly get a dashboard with security events and some level of protection.

Once you plug Sqreen into your app, the service will inject some code into your Ruby on Rails application (and soon Python) to monitor what’s happening. Sqreen doesn’t act as a firewall between outside requests and your application.

The service also automatically uploads some technical information to the company’s server, like memory dumps. Slowly but surely, Sqreen is building a big dataset of security threats. Then, Sqreen can recommend fixes, such as sanitizing SQL requests or restricting user input to prevent XSS exploits. For the most obvious security threats, Sqreen will protect your web app.

Eventually, the startup wants to leverage machine learning to automate most of these fixes. Sqreen is not there yet, but that’s part of the reason why the service is collecting data from your app.

Before Sqreen, the two co-founders worked together at Apple on the security team. “Jean-Baptiste [Aviat] and I worked together and we were supposed to attack Apple’s products,” co-founder and CEO Pierre Betouin told me. “We would find security threats and report them to engineers.”

But this process could be slow and frustrating as it was very manual. Finding threats takes time, and once you report them, it’s possible that Apple has already shipped multiple versions of an app or operating system with some important code changes. And your fix only gets shipped in the next version as well.

“We would inspect memory all the time. So we thought that a cool approach would be to create a shield for your apps with a hackbot,” Betouin said. “Hackbots are pretty usual, but our innovation was the shield. We built a prototype that worked really well but was really hard to use. So we removed the hackbot and found a way to integrate the shield directly into the web-based apps.”

And that’s how Sqreen was born. The company is just starting, and it doesn’t support a lot of languages yet. You can expect Java, Node or PHP support at some point. The pricing isn’t clear yet either, as the company wants to provide a freemium service but isn’t sure about the subscription levels.

But it’s already working quite well, as it already protects production versions of a few popular web-based apps. It only requires an overhead of around 4 percent when it comes to server resources.

It reminds me of Algolia, a popular real-time search startup that plugs into your website and relies on a software-as-a-service approach as well. Both startups are externalizing parts of your web-based app. It allows developers to focus on other things and could become a trend.